[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] 8 out of 10 mobile health apps open to HIPAA violations, hacking, data theft
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2016-01-14 8:20:06
Message-ID: alpine.DEB.2.02.1601140819550.18700 () infosecnews ! org
[Download RAW message or body]

http://www.healthcareitnews.com/news/8-out-10-mobile-health-apps-open-hipaa-violations-hacking-data-theft

By Bill Siwicki
Healthcare IT News
January 13, 2016

A new report shows 84 percent of U.S. FDA-approved health apps tested by 
IT security vendor Arxan Technologies did not adequately address at least 
two of the Open Web Application Security Project top 10 risks.

Most health apps are susceptible to code tampering and 
reverse-engineering, two of the most common hacking techniques, the report 
found. Ninety-five percent of the FDA-approved apps lack binary protection 
and have insufficient transport layer protection, leaving them open to 
hacks that could result in privacy violations, theft of personal health 
information, as well as device tampering and patient safety issues.

The new research from Arxan, which this year placed special emphasis on 
mobile health apps, was based on analysis of 126 popular health and 
finance apps from the United States. United Kingdom, Germany and Japan.

There is a disparity between consumer confidence and the attention given 
to security by app developers, the study found. While the majority of app 
users and app executives said they believe their apps are secure, nearly 
all apps Arxan assessed proved to be vulnerable

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
[prev in list] [next in list] [prev in thread] [next in thread]